Commit graph

45291 commits

Author SHA1 Message Date
b40d475029 Bug 30438: Add select all/clear all buttons to invoices.tt
To test:
1. Apply patch
2. Have a bunch of invoices, some open and some closed.
3. Go to Home > Acquisitions > Invoices and do a search that will
   return you many of those invoices, some open and some closed.
4. Notice the 'Select all' and 'Clear all' buttons.
5. Try clicking 'Select all' on the Open invoices tab. All Open invoices
   should become checked.
6. Try clicking 'Clear all' on the Open invoices tab. All open invoices
   should become unchecked.
7. Try 5 - 6 again but on the Closed invoices tab.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-10 15:17:17 -10:00
81ed12df8c Bug 30611: DBRev 21.12.00.053
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-10 15:17:17 -10:00
5f81b5e29e Bug 30611: (follow-up) Use constants
Update ternary for token timeout to use perl constants

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-10 15:17:17 -10:00
0b5b3919c0 Bug 30611: (QA follow-up) Only show reset option for allowed categories
This patch adds a check that the patron can reach the password reset
page using category.effective_reset_password which handles fallback to
OpacResetPassword system preference transparently.

Test plan
1) Set at least one patron category to dissallow patron password resets
2) Search for a patron of that category
3) Confirm the 'Send password reset' option no longer appears

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-10 15:17:17 -10:00
b5a93edea5 Bug 30611: Add ability for staff to send password reset emails
This patch adds the ability for staff with the edit_borrowers permission
to send password reset emails to users.

The staff initiated password reset has it's own notice,
STAFF_PASSWORD_RESET, and the reset link produced has an extended
timeout of 5 days, as apposed to the usual 2 day limit.

Test plan
1) Apply patch and run the database update
2) Login to the staff client with a user who has the 'edit_borrowers'
   permission.
3) Note that a new, 'Send password reset' option appears under the
   'More' menu on the patron details page.
4) Clicking the button will queue the STAFF_PASSWORD_RESET notice and
   redirect the user to the Notices tab.

Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-10 15:17:17 -10:00
e86c1e6736 Bug 30611: Add STAFF_PASSWORD_RESET notice
This patch adds a new STAFF_PASSWORD_RESET notice template for password
recoveries initiated via the staff client as aposed for those initiated
by the end user.

Signed-off-by: Sally <sally.healey@cheshiresharedservices.gov.uk>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Chmod 755 on atomic update file.
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-10 15:17:17 -10:00
032deac223 Bug 30290: DBRev 21.12.00.052
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-10 15:17:17 -10:00
Katrin Fischer
de350e0bf2 Bug 30290: (QA follow-up) Sample notices/database update: Change phrasing to Yes/No
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-10 15:17:17 -10:00
9f37d3bc2d Bug 30290: (follow-up) Add warning for translated notices
Note: Problem is that we cannot know if default was translated
or en contains the original notice. Actually this holds for
the other languages too. So this is an educated guess without
using the lang field.

Test plan:
Run db rev.
Trigger the warning by replacing Pages by PPages in an AR notice.
Run db rev again.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-10 15:17:17 -10:00
5d96207f2d Bug 30290: Database revision for existing notices
Note: It will be hard to update translated notices. If we cannot find
the part 'Pages:' then the replace does not do anything.

Test plan:
Run db rev.
Check an existing AR notice (English).

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-10 15:17:17 -10:00
bd0277e7ea Bug 30290: Adjust sample_notices.yml
Test plan:
Run a new install. Check the AR notices.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-10 15:17:17 -10:00
68990b9b9a Bug 30722: Typo in overdue recalls template
This patch corrects a typo in the <title> tag of the
overdue recalls template:

"Circulaion" corrected to "Circulation."

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-09 10:02:35 -10:00
50fb8ce0f5 Bug 30706: Fix space in check for dateformat preference
This patch fixes the calendar.inc includes in both staff and OPAC in
order to remove a typo: An extra space in the check for the "dateformat"
system preference.

The result of this error is that changes to the dateformat system
preference will not be correctly applied to Koha without a restart.

To reproduce the problem start the process of creating a new patron.

 - In the date of birth field, select a date. The format of the date
   inserted should match your current dateformat system preference.
 - Go to Administration -> System preferences and update dateformat to
   something different.
 - Go back to the patron creation form (refresh it if necessary).
 - The hint under the Date of birth field will match your updated system
   preference, but when you pick a date using the calendar widget it
   will still be formatted according to the old value of dateformat.

To test the fix, apply the patch and run through the same steps above.
A change the dateformat preference should be immediately reflected in
the functionality of the calendar widget.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-09 10:02:35 -10:00
213abbe819 Bug 30668: Do not record itme location updates in cataloguing log
To test:
1 - Set a rule in UpdateItemLocationOnCheckin
2 - Enable cataloguing log
3 - Check in an item that will trigger a change
4 - Check the modification log for item - there is a cataloguing entry
5 - Apply patch
6 - Repeat
7 - No log!

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-09 10:02:35 -10:00
4b9be0e134 Bug 30668: Unit tests
Simple test to cover UpdateNOtForLoanStatusOnCheckin and UpdateItemLocationOnCheckin
to confirm the cataloguing log does not record these

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-09 10:02:35 -10:00
874afc0e53 Bug 29755: (follow-up) Mock NoIssuesChargeGuarantorsWithGuarantees in test
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 15:58:13 -10:00
f747d38aea Bug 29755: Check each NoIssuesCharge separately
This patch updates SIP patron code to use account methods to calculate balances
over the patronflags returns. It also checks if patron should be blocked for each
'No Issues charge' preference

Tests are added for NoIssuesChargeGuarantees

To test:
 1 - Set noissuescharge preference to 5
 2 - Add a $10 charge to a patron
 3 - perl misc/sip_cli_emulator.pl -a localhost -p 6001 -su term1 -sp term1 -l CPL -m patron_information --patron BARCODE
 4 - Note the 64 message starts with Y's that mean patron is blocked
 5 - Set noissuescharge to 11
 6 - Repeat 3, patron is no longer blocked
 7 - Set NoIssuesChargeGuarantees to 8
 8 - Repeat 3, patron is blocked
 9 - Pay $3 on patron so they owe 7
10 - Repeat 3, patron is not blocked
11 - Add a child account with patron as guarantor
12 - Repeat 3, patron is not blocked
13 - Add a $4 charge to child
14 - Repeat 3, patron is blocked
15 - Repeat 3, but with child barcode, child is not blocked
16 - Set NoIssuesChargeGuarantorsWithGuarantees to 10
17 - Repeat 3, patron is blocked
18 - Repeat 3 with child barcode, child is blocked

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 15:58:13 -10:00
Julian Maurice
a36145eb8d Bug 30604: Add value builders for UNIMARC 146 ($a, $h and $i)
Test plan:
1. Configure the default MARC framework to use those value builders:
   - unimarc_field_146a for 146$a
   - unimarc_field_146h for 146$h
   - unimarc_field_146i for 146$i
2. Verify that they all work correctly according to
https://www.ifla.org/files/assets/uca/unimarc_updates/BIBLIOGRAPHIC/u-b_146.pdf

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:10 -10:00
541929ea29 Bug 30703: Remove a few CookieManager warnings
Running Auth.t produces several warnings like:
Use of uninitialized value $name in hash element at /usr/share/koha/Koha/CookieManager.pm line 103.
Use of uninitialized value $name in hash element at /usr/share/koha/Koha/CookieManager.pm line 104.
Use of uninitialized value $name in hash element at /usr/share/koha/Koha/CookieManager.pm line 112.
Use of uninitialized value $name in hash element at /usr/share/koha/Koha/CookieManager.pm line 103.
Use of uninitialized value $name in hash element at /usr/share/koha/Koha/CookieManager.pm line 104.
Use of uninitialized value $name in hash element at /usr/share/koha/Koha/CookieManager.pm line 112.
Use of uninitialized value $name in hash element at /usr/share/koha/Koha/CookieManager.pm line 103.
Use of uninitialized value $name in hash element at /usr/share/koha/Koha/CookieManager.pm line 104.
Use of uninitialized value $name in hash element at /usr/share/koha/Koha/CookieManager.pm line 112.

Test plan:
prove  t/CookieManager.t t/db_dependent/Auth.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:10 -10:00
08933d3e0a Bug 30702: Fix Context.pm L785 warning on sessionID
Trivial fix. Before working on bug 29954.

Test plan:
Run a few tests like t/Context.t, t/db_dependent/Auth.t and
t/db_dependent/Circulation.t.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:10 -10:00
7c438c324e Bug 30638: Resolve odd number in hash warn in Letters
Odd number of elements in anonymous hash at C4/Letters.pm line 827.

Trivial fix. Adding undefined check on result to prevent warns
on that one.

No test plan. Read the patch.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:10 -10:00
Shi Yao Wang
43299fe5cc Bug 30551: Make cash register report take branchcode from cash register
This patch makes it so cash register reports puts branchcode from the
cash register where the payment was made into "Transaction library"
column instead of taking the branchcode of the manager.

Test plan:
1- Use cash registers (administration > system preferences > UseCashRegisters)
2- Create another library if you only have one (administration > libraries > new library)
3- Create a cash register in each library if they don't already have one (administration > cash registers > new cash register)
4- Create a fee on your own account and pay it right after in both libraries.
5- Go to reports > cash register and generate the statistics.
6- Notice "transaction library" in both rows are the same even though the fees were paid in two different libraries and two different cash registers.
7- Apply the patch and click submit to re-generate statistics
8- Notice it now shows the correct library where the transactions were done

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:10 -10:00
21e03340c6 Bug 29705: In test suite merge IssuingRules with CirculationRules
After Bug 18936, in test suite, there is still t/db_dependent/Koha/IssuingRules.t and t/db_dependent/Koha/IssuingRules/
This patch moves IssuingRules.t inside CirculationRules.t and renames dir t/db_dependent/Koha/IssuingRules.
And adds DB transation in each first-level subtest.

Also renames in :
  use constant GUESSED_ITEMTYPES_KEY => 'Koha_IssuingRules_last_guess';

Test plan :
Run prove t/db_dependent/Koha/CirculationRules.t
prove t/db_dependent/Koha/CirculationRules/*
prove t/db_dependent/Circulation/maxsuspensiondays.t

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:10 -10:00
1501ff3259 Bug 30688: Compiled CSS
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:10 -10:00
ee2feeafd6 Bug 30688: Error in path to CSS background image
This patch corrects the path of an image specified as the background to
a couple of elements in the OPAC. The incorrect path was causing 404
errors.

To test, apply the patch and rebuild the OPAC CSS
(https://wiki.koha-community.org/wiki/Working_with_SCSS_in_the_OPAC_and_staff_client).

- If necessary, activate one or more cover image services in
  Administration, e.g. OPACAmazonCoverImages, OPACLocalCoverImages,
  and/or OpenLibraryCovers.
- In the OPAC, locate a bibliographic record which has a cover image
  from one or more of the services you activated.
- On the detail page for that record, the cover should load correctly.
- In the browser console you should see no errors related to a file not
  found: /opac-tmpl/bootstrap/img/spinner-small.gif
- In the browser console, submit this JavaScript snippet:

  $(".cover-image").remove();

  The cover image should disappear, revealing the "spinner" icon behind
  it.

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:10 -10:00
5e1a1171cb Bug 30613: Hide RSS feed link when viewing private list in the OPAC
This patch wraps the List RSS icon in a check on whether the list is
public. Private lists RSS can only be accessed by a logged-in patron.

To test apply the patch and view a public list in the OPAC. You should
see an RSS link icon next to the list title.

Now log in to the OPAC and view a private list. There should be no RSS
link.

Note the QA tool warning about the aria-hidden attribute is a false
positive. The parent element has a label.

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:10 -10:00
b63f6d95f7 Bug 30639: Split search terms for patron search
If several terms are passed we should split them.

Test plan:
Search for "edna acosta" (without quotes) in the filters from the left
side of the main patron search
Do some regression tests

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:10 -10:00
8fa7773336 Bug 30607: Don't overload our default initComplete
We want to keep the default initComplete call to add/remove the
'disabled' class on the 'Clear filters' link.

Test plan:
Search for patrons, add something to the general DT search and confirm
that the 'Clear filters' link can be clicked (ie. is not disabled) when
the input field is not empty.

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Agree that it does not look very elegant.
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:10 -10:00
bda0b1fd03 Bug 30514: Error in date format check following datepicker removal
This patch corrects the is_valid_date function in the OPAC and staff
interface so that it work correctly with Flatpickr.

To test, apply the patch and clear your browser cache if necessary.

- In the staff client, locate a bibliographic record and edit its items.
- Test that the "Date acquired" date picker works correctly and that
  there are no errors in the browser console.
- Test other date input fields to check that they still work, e.g.
  specify due date during checkout; Catalog statistics wizard; Patron
  entry/modification, etc.
- Perform similar tests in the OPAC: Hold suspension; Update your
  personal details.

Signed-off-by: David Cook <dcook@prosentient.com.au>

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:10 -10:00
cbc3b19cdb Bug 30709: 'Insert' button in notices editor not adding selected placeholders to notice
This patch updates letter.js so that it uses .prop("selected") to look
for selected <option>s instead of .attr("selected"). This is necessary
because of the jQuery upgrade.

To test, apply the patch and edit any notice. Test that you can select
one or more database columns and insert them into the body of a notice
by clicking "Insert." Confirm that your selections are inserted where
you left the cursor in the message textarea.

Test with multiple message transports and with multiple languages
installed (with TranslateNotices enabled).

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:10 -10:00
0d196ae7fb Bug 30622: Patron search when placing hold should redirect if cardnumber is entered
When search a patron for placing a hold, if a cardnumber is entered we
should pick the patron and use it, instead of display the table result.

This was a regression caused by bug 30063.

Test plan:
- Place a hold on anything in staff
- Search for 42 or any other existing cardnumber in your database

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:10 -10:00
a3aaf10e59 Bug 29926: (QA follow-up) Date format missing in spec
On fixing the spec to have `format: date` I noticed the tests were
expecting explosions because of date handling not being done. The
OpenAPI plugin does this correctly when you set the format right.

So, I adapted the tests so they expect 400 and return the type error.

We don't usually add such tests (i.e. test the plugin does its job
correctly) but it doesn't hurt to keep them just in case something
really changes badly there (plugin bug?).

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:10 -10:00
b97bf747e9 Bug 29926: (QA follow-up) API design fixes
This patch makes the following changes to the spec:

* Password being the resource and expiration_date an attribute for it,
  so reorganizing things and also renaming the route.
* Be it undefined or defined, expiration date is only one and thus
  should use the PUT verb (as in overwrite).
* Minor bug 30194-related fixes.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:09 -10:00
60c8534b8d Bug 29926: Add ability for superlibrarians to batch edit password expiration dates
To test:
1 - Sign in as a superlibrarian
2 - Tools->Batch patron modification
3 - Add patrons with and without pasword expiration set
4 - Confirm dates display correctly on modification page, or show never
5 - Check the box to delete all dates
6 - Confirm patrons now show 'Never'
7 - Edit patrons again, set a date
8 - Confirm date is set correctly
9 - Sign in as a user with catalogue/tools/borrowers permissions, but not superlibrarian
10 - Confirm y9ou do not see, and cannnot edit password expiration dates

Signed-off-by: Bob Bennhoff <bbennhoff@clicweb.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:09 -10:00
6ae0b3c76c Bug 29926: Add ability for superlibrarian to view/edit password expiration
To  test:
 1 - Sign in as a superlibrarian
 2 - Find a patron account with no password expiration set
 3 - View member detials
 4 - note expiration says 'Never'
 5 - Edit patron
 6 - Set patron expiration
 7- Save
 8 - View details, confirm password expiration shows correctly
 9 - Sign in as non-superlibrarian
10 - Confirm you don't see expirationdate on details page
11 - Edit patron and confirm password expiration does not show
12 - Edit HTML and confirm you epxiration date not saved
     <input type="text" name="password_expiration_date" value="2052-05-02">

Signed-off-by: Bob Bennhoff <bbennhoff@clicweb.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:09 -10:00
e18e1d9e9d Bug 29926: Add pasword expiration route for API
To test:
1 - prove -v t/db_dependent/api/v1/patrons_password_expiration.t

Signed-off-by: Bob Bennhoff <bbennhoff@clicweb.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:09 -10:00
c423c9159d Bug 29925: (follow-up) Add new pref in sysprefs.sql
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:09 -10:00
36e60f52ac Bug 29925: DBRev 21.12.00.051
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:09 -10:00
c7d37248a6 Bug 29925: (follow-up) Allow password reset when OpacPublic not set
Signed-off-by: Bob Bennhoff <bbennhoff@clicweb.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:09 -10:00
e941dfdc99 Bug 29925: Add a password reset page for expired passwords
This patch adds a new page opac-reset-password where a user cna enter their login
(userid or carndumber), current password, and new password.

If the user has a password expiration date and the current password is correct and
the new passwords match and meet requirements their password will be updated and the
expiration date reset

A patron whose password does not expire will be reidrected to login to change their password

To test:
 1 - Apply patch, updatedatabase, enable new syspref EnableExpiredPasswordReset
 2 - Set 'Password expiration' for a patron category
     Home->Administration->Patron categories->Edit
 3 - Create a new patron in this category with a userid/password set, and an email
 4 - Update the patron with an expiration to be expired
     UPDATE borrowers SET password_expiration='2022-01-01' WHERE borrowernumber=51;
 5 - Give the borrower catalogue permission
 6 - Attempt to log in to Straff interface
 7 - Confirm you are signed out and notified that password must be reset
 8 - Click 'Reset your password' link
 9 - You should see the reset password page with fields for: login, current password, new password, conmfirm password
10 - enter invalid/incomplete credentials
11 - Confirm you are notified of invlaid credentials
12 - Fill in all fields, but enter current password as new password
13 - Confirm you are notified of no change
14 - Set minimum password length / strong password requirement for category
15 - Confirm you receive error if new password too short or not secure
16 - Enter a valid new password and submit and confirm update is successful
17 - Confirm you have buttons to go to OPAC or Staff and that both work
18 - Confirm you cna log in (i.e. expiration has been reset)
19 - Expire the users password
20 - Remove catalogue permission
21 - Reset password again and confirm only OPAC link

Signed-off-by: Bob Bennhoff <bbennhoff@clicweb.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:09 -10:00
9c55003cc3 Bug 29924: (follow-up) Fix t/db_dependent/Koha/Patron.t number of tests
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:09 -10:00
e45aef832a Bug 29924: DBRev 21.12.00.050
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:09 -10:00
b50a88dfcc Bug 29924: Update DBIC schema
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:09 -10:00
6fba85d23b Bug 29924: Avoid leaking information on wrong credentials
If the passed credentials are wrong, we shouldn't expose things like the
password is expired.

This patch takes care of that.

To test:
1. Have a known patron with password_expiration_date set so its
   password is expired. Can be done like:
   $ koha-mysql kohadev
   > UPDATE borrowers \
     SET password_expiration_date='2022-04-25' \
     WHERE borrowernumber=132;
   Note: change the borrowernumber
2. Attempt to login to the OPAC with wrong credentials
=> SUCCESS: You are rejected, with a message telling credentials are
            wrong
=> FAIL: You are told the password is expired.
3. Apply this patch and restart Plack
4. Repeat 2
=> SUCCESS: You are rejected, credentials are wrong and no mention to
            password being expired.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:09 -10:00
4e2cfbe75e Bug 29924: Add tests for API Basic auth behavior
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:09 -10:00
5ca99ca594 Bug 29924: (QA follow-up) Remove password_expiration_date from API
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:09 -10:00
9047dfce55 Bug 29924: Update ILSDI to be aware of expired passwords
To test:
1 - Enable ILSDI
2 - Set a patron password with expired password
3 - http://localhost:8080/cgi-bin/koha/ilsdi.pl?service=AuthenticatePatron&username=usernam&password=password
4 - Confirm 'PasswordExpired' returned

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:09 -10:00
7709b2cddf Bug 29924: (follow-up) Add default value undef for TestBuilder
Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:09 -10:00
ef58458ad4 Bug 29924: (follow-up) Add password_expiration_date to API
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Bob Bennhoff <bbennhoff@clicweb.org>

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:09 -10:00
9b35c642e2 Bug 29924: (follow-up) Add bug number to atomicupdate; Style OPAC message
- The atomicupdate didn't have "bug_number" defined.
- The "Your password has expired" message is now styled with the same
  class as other OPAC login messages.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Bob Bennhoff <bbennhoff@clicweb.org>

Signed-off-by: Andrew Fuerste-Henry <andrew@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2022-05-06 10:33:09 -10:00